e2e-test-hardener

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • [SAFE]: The skill provides legitimate guidance on hardening E2E tests based on established principles (independence, mocking, and flaky prevention). It includes warnings about environment variable leakage and emphasizes proper architectural boundaries.
  • [NO_CODE]: The skill is composed of instructional Markdown files and configuration JSON. It does not ship with executable scripts or binaries that could perform hidden actions.
  • [COMMAND_EXECUTION]: The skill recommends using standard developer tools such as grep and npx playwright test. These commands are used strictly for identifying anti-patterns in code and verifying test stability via burn-in procedures.
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it instructs the agent to read and process user-controlled test files and source code. This is classified as a low-risk surface inherent to code-editing skills.
  • Ingestion points: User-provided Playwright test specifications and application source code files (e.g., path/to/tests).
  • Boundary markers: Not explicitly defined in the instructions; the agent treats file content as source code to be refactored.
  • Capability inventory: The agent can execute shell commands (e.g., grep, npx playwright test), read files, and write modifications back to the filesystem.
  • Sanitization: The skill lacks automated sanitization for ingested content, but it explicitly instructs the agent to look for and prevent the exposure of sensitive internal environment variables.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 04:46 PM
Security Audit — agent-trust-hub — e2e-test-hardener